Botnet behind spike in Tor traffic was due to a botnet, which had been in operation since at least 2009. Botnet is made up of infected machines in North America, Asia, and Africa. The gang behind the botnet made a fatal error when it moved to Tor from SSH over Port 443. The group was looking for a way to hide its C&C traffic when the switch to Tor was noticed. The botnet had been running this botnet supposedly since 2009 they haven’t got caught up till now, says chief scientist.”]
Source: https://www.darkreading.com/attacks-breaches/how-the-massive-tor-botnet-failed-